In a major legal blow to one of the world’s biggest technology companies, a U.S. federal jury has ordered Google to pay $425 million in damages after finding the company guilty of unlawfully collecting data from millions of users who believed their privacy settings protected them. The verdict, announced on September 3, 2025, by the U.S. District Court for the Northern District of California in San Francisco, comes after years of legal proceedings and marks one of the largest privacy-related class action awards against a tech giant in recent years.
The lawsuit, initially filed in July 2020, accused Google of deceiving users by continuing to collect their personal and behavioral data even after they had turned off a setting known as “Web & App Activity.” Plaintiffs alleged that from July 2016 to September 2024, Google tracked user activity across third-party apps and devices, gathering data through hidden analytical tools and ad networks. This data included information from popular platforms such as Instagram, Uber, and Venmo, all of which used Google’s analytics and advertising services. Despite users switching off what they thought was a safeguard against tracking, their digital footprints were still monitored and stored without their explicit consent.
The lawsuit represented around 98 million users and approximately 174 million devices, making it one of the largest privacy class actions in U.S. history. During the trial, the plaintiffs’ lawyers argued that Google’s privacy statements and product interfaces were intentionally misleading, allowing the company to maintain its lucrative data-driven advertising business while assuring users they had control over their privacy. They also revealed internal communications showing that Google engineers knew disabling “Web & App Activity” did not fully stop data collection, but did not clearly disclose this to users.
After weeks of testimony and deliberation, the jury ruled in favor of the plaintiffs on two key claims: invasion of privacy and intrusion upon seclusion. Still, it dismissed a third allegation under California’s Computer Data Access and Fraud Act. The court ordered Google to pay $425 million in damages, a figure significantly lower than the $31 billion sought by the plaintiffs but still a powerful statement about corporate accountability. According to legal analysts, the verdict reflects jurors’ acknowledgment that while Google may not have engaged in criminal activity, it breached user trust by misleading people about how their data was handled.
Google, for its part, swiftly issued a statement rejecting the verdict and announcing plans to appeal. “This decision misunderstands how our products work,” a Google spokesperson said. “Our privacy tools give people meaningful control over their data, and when they turn off personalization, we honor that choice.” The company maintains that it has always been transparent about its data collection practices and that the plaintiffs’ interpretation of its privacy settings is misleading.
Despite Google’s defense, the verdict adds to a growing list of legal and regulatory challenges the company faces worldwide over privacy and data protection. Earlier in 2025, Google reached a $1.3 billion settlement with the state of Texas over similar claims involving user data collection and targeted advertising. Privacy advocates argue that the California verdict sends a broader message to the tech industry that even complex, opaque data systems are subject to public accountability and legal scrutiny. It also underscores a growing expectation from consumers that privacy controls should be simple, clear, and actually effective.
For users, the case serves as a reminder that privacy settings on digital platforms may not always function as expected. Turning off tracking features does not necessarily mean that data collection ceases, especially when companies integrate cross-platform services and third-party apps into their ecosystems. For the tech industry, the ruling signals an urgent need for companies to ensure that privacy promises align with their technical reality, or risk massive legal consequences and public backlash.
In summary, the Google privacy breach case has exposed the gap between user expectations and corporate data practices. The $425 million fine, although relatively modest compared to Google’s earnings, represents a significant milestone in the ongoing global push for digital transparency and data rights. As the company prepares to appeal, the outcome has already sparked debates about corporate ethics, user autonomy, and the true meaning of consent in the digital age.
